For second consecutive year, employees are aware of the risks
associated with inadequate USB drive security – but aren’t following
best practices

POWAY, Calif.–(BUSINESS WIRE)–Apricorn,
the leading manufacturer of software-free, 256-bit AES XTS
hardware-encrypted USB data storage devices, today announced results of
its latest report, “The State of USB Data Protection 2019: Employee
Spotlight.” The report revealed that for the second year in a row,
employees are aware of the risks associated with inadequate USB drive
security – yet aren’t following best practices. The survey report, which
polled nearly 300 employees across industries including education,
finance, government, healthcare, legal, retail, manufacturing, and power
and energy, examined year-over-year trends of USB drive usage, policies
and business drivers.

The report reveals that while employees have been the main driving
factor behind the use of USB drives in the workplace (according to 68
percent of respondents), employees have also been placing their
organizations at significant risk. For example:

While 91 percent of respondents claimed that encrypted USB drives
should be mandatory, a full 58 percent of respondents confirmed that
they regularly use non-encrypted USB drives

Meanwhile, although 64 percent of organizations have a policy
outlining acceptable use of USB devices, 64 percent of respondents
said their employees use USB drives without obtaining advance
permission to do so

Furthermore, in yet another example of employees discarding best
practices and policies, nearly half of employees lost a USB drive
without notifying appropriate authorities about the incident

Beyond these unfavorable findings, one of the most alarming statistics
was the fact that employees are taking more security shortcuts than ever
before. By comparing the key results of this survey against Apricorn’s previous
USB data protection report, several troubling trends emerge,
including:

A higher percentage of employees are using USB drives without
obtaining advance permission to do so: 64 percent in 2018, compared to
57 percent in 2017

There has been an increase in the percentage of employees that aren’t
notifying appropriate authorities after losing a USB drive: 48 percent
in 2018 versus 39 percent in 2017

In another example of employees unknowingly putting their
organizations at risk, there was an uptick in the proportion of
employees that use non-encrypted USB drives, such as those received
“free” at conferences: 58 percent in 2018, compared to 56 percent in
2017

One encouraging note that indicates a positive trend: there was a 24
percent drop in the number of organizations regularly using
non-encrypted USB devices (58 percent in 2018, compared to 82 percent in
2017). It is crucial that this percentage continues to drop, considering
that the Ponemon Institute estimated
that the average total cost of a data breach increased by six percent
between 2017 and 2018, to $3.86M per breach.

“Organizations need to be more vigilant than ever about data protection,
and this isn’t simply due to the increased sophistication of attackers,
but also the significant unintended risk organizations are exposed to by
their employees,” said Mike McCandless, Vice President of Sales and
Marketing at Apricorn. “Our report confirms that while employees have
good intentions for USB device security, their employers need to
implement strict security policies to defend against the shortcuts
employees will invariably take. And beyond policies and procedures,
organizations would be wise to reinforce that their employees use
encrypted USB drives that require a unique PIN.”

Apricorn surveyed nearly 300 employees from industries including
education, finance, government, healthcare, legal, manufacturing and
retail in the fourth quarter of 2018. This survey was completed online,
and responses were random, voluntary and completely anonymous.

ABOUT APRICORN:

Headquartered in Poway, California, Apricorn provides secure storage
innovations to the most prominent companies in the categories of
finance, healthcare, education, and government throughout North America,
Canada and EMEA. Apricorn products have become the trusted standard for
a myriad of data security strategies worldwide. Founded in 1983,
numerous award-winning products have been developed under the Apricorn
brand and for a number of leading computer manufacturers on an OEM basis.